EP3839734A1 - Integration of orchestration services with cloud automation services - Google Patents
- Publication number
- EP3839734A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- workflow
- security group
- rule
- vro
- snow
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5061—Partitioning or combining of resources
- G06F9/5072—Grid computing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/104—Grouping of entities
Definitions
- the invention relates to the field of cloud services management and provision.
- cloud service providers offering hybrid and/or multi-cloud services to major corporations have the challenge of providing orchestration of a vast number of legacy infrastructures of multiple customers and multi-cloud environments (private / public / various brands: GCP, AWS, Azure, VMware, OracleVM).
- Virtualization of computing infrastructures is a fundamental process that powers cloud computing in order to provide services to customers requesting services on a cloud platform through a portal.
- the features of the virtualization software are not well integrated with a services management unit of the cloud platform, the customers may not be able to access certain functionalities of the cloud platform, which can have a negative impact on the quality of service provided by said cloud platform.
- CMP Cloud Service orchestration/processing module
- CMP Cloud Automation Service
- vSphere a virtualization software
- the very basic integration does not allow vSphere Virtual Machines (VMs) to be managed using the cloud management portal.
- the present invention therefore has the object of obviating certain drawbacks of the prior art by proposing a computing infrastructure for providing cloud services to customers.
- CMPP cloud management platform portal
- a system for managing security on a cloud management platform portal comprising a set of routines (scripts) which are executed on a computing device or processor allowing the cloud management platform portal to contact a cloud automation service (CAS) by using a REST API (Representational State Transfer Application Programming Interface) to access and configure a set of functionalities of the CAS of the platform hosting services in a portal so as to provision services to a customer, and a ServiceNow (SNOW) application comprising at least one set of the routines below comprising at least one of the following:
- the system comprises a set of routines the execution of which on a processor provides to the CMPP a set of functionalities and applications comprising at least:
- the set of functionalities and applications also comprises:
- Another goal of the invention also concerns a method for providing cloud services to customers.
- This goal is achieved by a process for managing a security group on a cloud management platform portal by means of a system for managing security as described in the invention, the system comprising a set of software codes executed on a processor of the platform to implement the process for managing a security group, said process being characterized in that it comprises at least one of the following:
- a set of software codes is executed on the platform for creating a security group (SG), said creation of a security group process comprising:
- a set of software codes is executed on the platform for modifying an existing security group, said modification of an existing security group process comprising the following steps:
- a set of software codes is executed on the platform for deleting a security group, said deletion of a security group process comprising the following steps:
- a set of software codes is executed on the platform for configuring a SDN security group rule, said configuration of a SDN security group rule process comprising at least one of the sub-steps:
- a set of software codes is executed on the platform for creating a SDN security group rule, said creation of a SDN security group rule process, comprising:
- a set of software codes is executed on the platform for modifying a SDN security group rule, said modification of a SDN security group rule process comprising the following steps:
- a set of software codes is executed on the platform for deleting a SDN security group rule, said deletion of a SDN security group rule process comprising the following steps:
- the system for managing security is used in a server for managed PaaS (Platform as a service) comprising, in a container-based architecture, at least a processor and memories to save data and executable software so as to embed a cloud application software into a fully managed PaaS stack, abstracting complex hybrid Infrastructure as a Service (IaaS) away, said server being characterized in that the SNOW application of the system for managing security represents a first layer of said server, executed on at least a processor and is configured to:
- the SNOW application is executed on the server for managed PaaS and displayed on a console adapted to the cloud application integrated software by integrating a specific API configured to interface the SNOW (ServiceNow) application language and command to the language and command of the cloud Application integrated software.
- the system for managing security is used in an orchestrated hybrid cloud system wherein a SAP (Systems, Applications and Products for data processing) administration is supported by said security management system for security audit and backup monitoring purposes and provisioning by:
- SAP Systems, Applications and Products for data processing
- the SNOW application execution on a processor of a computing device of the Orchestrated Hybrid cloud, provides an interface for enabling a user to determine any of the following parameters:
- the present invention concerns a system for managing security on a cloud management platform portal (CMPP (1)).
- CMPP (1) cloud management platform portal
- the system comprises a set of routines (scripts) which are executed on a computing device or processor allowing the cloud management platform portal to contact a cloud automation service (CAS (4)) by using a REST API (3) (Representational State Transfer Application Programming Interface) to access and configure a set of functionalities of the CAS (4) of the platform hosting services in a portal so as to provision services to a customer, and a ServiceNow (2) (SNOW (2)) application comprising at least one set of the routines below comprising at least one of the following:
- the ServiceNow (2) application may also comprise at least one set of the routines below comprising at least one of the following:
- a security group is a container for security group rules. Security groups and security group rules may allow administrators/managers to specify the type of traffic that is allowed to pass through a port.
- VM virtual machine
- VN virtual network
- the SDN is an approach to networking that separates a control plane from a forwarding plane to support virtualization of computing infrastructures or systems.
- the ServiceNow (2) (SNOW) application is a Cloud service processing/orchestration module or program or code.
- the system for managing security on a cloud management platform portal comprises a set of routines whose execution on a processor provides to the CMPP (1) a set of functionalities and applications comprising at least:
- a Disaster Recovery Pod is an additional infrastructure that may be used to host the workloads after disaster occurs in a primary site.
- the set of applications provided to the CMPP (1) by the execution of the set of routines included in the system for managing security on a cloud management platform portal may comprise a vRA (vRealize Automation) application for automation of cloud services.
- vRA vRealize Automation
- the set of functionalities and applications provided to the CMPP (1) by the system for managing security on a cloud management platform portal (CMPP (1)) through the execution of a set of routines on a processor, may also comprise:
- a distributed firewall is a hypervisor kernel-embedded firewall that provides visibility and control for virtualized workloads and networks.
- the NSX (7) Distributed firewall is a stateful firewall, meaning it monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.
- a flow is identified by the following:
- Distributed firewall can help in creating identity-based rules as well. Administrators can enforce access control based on the user's group membership as defined in the enterprise Active Directory. For example, and without limitation, some scenarios where identity-based firewall rules can be used are:
- Edge Firewall monitors the North-South traffic to provide perimeter security functionality including firewall, Network Address Translation (NAT), and site-to-site IPSec and SSL VPN functionality. This solution is available in the virtual machine form factor and can be deployed in a High Availability mode.
- NAT Network Address Translation
- SSL VPN Secure Sockets Layer
- the invention also concerns a method for managing a security group on a cloud management platform portal.
- the process for managing a security group on a cloud management platform portal comprising a set of software codes executed on a processor of the platform to implement the process for managing a security group, said process being characterized in that it comprises at least one of the following:
- a set of software codes is executed on the platform for creating a security group (SG), said creating a security group process comprising, as illustrated in Figure 2:
- a set of software codes is executed on the platform for modifying an existing security group, said modifying an existing security group process comprising, as illustrated in Figure 3:
- a set of software codes is executed on the platform for deleting a security group, said deleting a security group process comprising, as illustrated in Figure 4:
- a set of software codes is executed on the platform for adding a server to a security group (not illustrated in the present invention), said adding a server to a security group process comprising:
- a set of software codes is executed on the platform for removing a virtual server from a security group (not illustrated in the present invention), said removing a virtual server from a security group process comprising the following steps:
- a set of software codes is executed on the platform for configuring a SDN security group rule, said configuring a SDN security group rule process comprising at least one of the sub-steps:
- a set of software codes is executed on the platform for creating a SDN security group rule, said creating a SDN security group rule process comprising, as illustrated in Figure 5:
- a set of software codes is executed on the platform for modifying a SDN security group rule, said modifying a SDN security group rule process comprising, as illustrated in Figure 6:
- a set of software codes is executed on the platform for deleting a SDN security group rule, said deleting a SDN security group rule process comprising, as illustrated in Figure 7:
- the system for managing security may be used in a server for managed PaaS (Platform as a service) comprising, in a container-based architecture, at least a processor and memories to save data and executable software so as to embed a cloud application software into a fully managed PaaS stack, abstracting complex hybrid Infrastructure as a Service (IaaS) away.
- the SNOW application of the system for managing security may represent a first layer of said server for managed PaaS, executed on at least a processor and configured to:
- the SNOW application is executed on the server for managed PaaS and displayed on a console adapted to the cloud application integrated software (Apprenda) by integrating a specific API configured to interface the SNOW (ServiceNow (2)) application language and command to the language and command of the cloud Application integrated software (Apprenda).
- the system for managing security may be used in an orchestrated hybrid cloud system wherein a SAP (Systems, Applications and Products for data processing) administration is supported by said security management system for security audit and backup monitoring purposes and provisioning by:
- the SNOW application execution, of the system for managing security used in the Orchestrated Hybrid Cloud system, on a processor of a computing device of the Orchestrated Hybrid cloud system provides an interface for enabling a user to determine any of the following parameters:
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Mathematical Physics (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP19217193.2A EP3839734A1 (fr) | 2019-12-17 | 2019-12-17 | Integration of orchestration services with cloud automation services |
US17/123,894 US11902329B2 (en) | 2019-12-17 | 2020-12-16 | Integration of an orchestration services with a cloud automation services |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP19217193.2A EP3839734A1 (fr) | 2019-12-17 | 2019-12-17 | Integration of orchestration services with cloud automation services |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3839734A1 (fr) | 2021-06-23 |
Family
ID=68944336
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP19217193.2A (Pending), EP3839734A1 (fr) | Integration of orchestration services with cloud automation services | 2019-12-17 | 2019-12-17 |
Country Status (2)
Country | Link |
---|---|
US (1) | US11902329B2 (fr) |
EP (1) | EP3839734A1 (fr) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11442669B1 (en) | 2018-03-15 | 2022-09-13 | Pure Storage, Inc. | Orchestrating a virtual storage system |
WO2023050070A1 (fr) * | 2021-09-28 | 2023-04-06 | 中远海运科技股份有限公司 | Method and device for protecting full-traffic network access of a cloud host |
US20230222044A1 (en) * | 2022-01-07 | 2023-07-13 | Jpmorgan Chase Bank, N.A. | System and method for automatically monitoring performance of software robots |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012021324A2 (fr) * | 2010-08-12 | 2012-02-16 | Unisys Corporation | Moving enterprise software applications to a cloud computing domain |
US20160065417A1 (en) * | 2013-03-15 | 2016-03-03 | Gravitant, Inc | Fulfillment of cloud service orders |
FR3075528A1 (fr) * | 2017-12-19 | 2019-06-21 | Atos Uk International It Services Limited | Orchestrated hybrid cloud system for SAP |
WO2019121677A1 (fr) * | 2017-12-19 | 2019-06-27 | Atos Information Technology GmbH | Managed public cloud |
WO2019121679A1 (fr) * | 2017-12-21 | 2019-06-27 | Atos International B.V. | Cloud management platform |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9069599B2 (en) * | 2008-06-19 | 2015-06-30 | Servicemesh, Inc. | System and method for a cloud computing abstraction layer with security zone facilities |
US8914406B1 (en) * | 2012-02-01 | 2014-12-16 | Vorstack, Inc. | Scalable network security with fast response protocol |
CN107409126B (zh) * | 2015-02-24 | 2021-03-09 | 思科技术公司 | 用于保护企业计算环境安全的系统和方法 |
US10171507B2 (en) * | 2016-05-19 | 2019-01-01 | Cisco Technology, Inc. | Microsegmentation in heterogeneous software defined networking environments |
US10645087B2 (en) * | 2017-06-06 | 2020-05-05 | Amgen Inc. | Centralized authenticating abstraction layer with adaptive assembly line pathways |
US10666508B2 (en) * | 2017-06-09 | 2020-05-26 | Nicira, Inc. | Unified software defined networking configuration management over multiple hosting environments |
US11169815B2 (en) * | 2018-01-16 | 2021-11-09 | Bby Solutions, Inc. | Method and system for automation tool set for server maintenance actions |
US20190356697A1 (en) * | 2018-05-15 | 2019-11-21 | Nicira, Inc. | Methods and apparatus to assign security in networked computing environments |
US10999326B1 (en) * | 2018-05-30 | 2021-05-04 | Tigera, Inc. | Fine grained network security |
US10708230B2 (en) * | 2018-06-14 | 2020-07-07 | Servicenow, Inc. | Systems and methods for firewall configuration using block lists |
US11108859B2 (en) * | 2018-07-02 | 2021-08-31 | Accenture Global Solutions Limited | Intelligent backup and recovery of cloud computing environment |
US10826770B2 (en) * | 2018-07-26 | 2020-11-03 | Cisco Technology, Inc. | Synthesis of models for networks using automated boolean learning |
US11537627B1 (en) * | 2018-09-28 | 2022-12-27 | Splunk Inc. | Information technology networked cloud service monitoring |
US11315044B2 (en) * | 2018-11-08 | 2022-04-26 | Vmware, Inc. | Multi dimensional scale analysis using machine learning |
US10924344B2 (en) * | 2019-04-11 | 2021-02-16 | Servicenow, Inc. | Discovery and mapping of cloud-based resource modifications |
US10798084B1 (en) * | 2019-04-30 | 2020-10-06 | Sailpoint Technologies, Inc. | System and method for identity management of cloud based computing services in identity management artificial intelligence systems |
US20210021471A1 (en) * | 2019-07-15 | 2021-01-21 | Microsoft Technology Licensing, Llc | Techniques for managing virtual networks |
- 2019-12-17: EP EP19217193.2A, patent EP3839734A1 (fr), active, Pending
- 2020-12-16: US US17/123,894, patent US11902329B2 (en), active, Active
Also Published As
Publication number | Publication date |
---|---|
US11902329B2 (en) | 2024-02-13 |
US20210185007A1 (en) | 2021-06-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10318265B1 (en) | Template generation for deployable units | |
US11409719B2 (en) | Co-locating microservice persistence containers within tenant-specific database | |
US9621592B2 (en) | System and method for software defined deployment of security appliances using policy templates | |
US11048544B2 (en) | Cloud resource credential provisioning for services running in virtual machines and containers | |
US20180278602A1 (en) | Desktop application fulfillment platform with multiple authentication mechanisms | |
US11902329B2 (en) | Integration of an orchestration services with a cloud automation services | |
US8316125B2 (en) | Methods and systems for automated migration of cloud processes to external clouds | |
US11106492B2 (en) | Workflow service for a cloud foundry platform | |
US10552796B1 (en) | Approval service in a catalog service platform | |
US11068136B1 (en) | Application fulfillment platform with automated license management mechanisms | |
US11363117B2 (en) | Software-specific auto scaling | |
CN107967140B (zh) | 软件修改的发起方法、发布元数据的方法及装置 | |
US10356155B2 (en) | Service onboarding | |
US20140237373A1 (en) | Method of provisioning a cloud-based render farm | |
WO2015038241A1 (fr) | Procédés, systèmes et supports lisibles par un ordinateur destinés à mettre à jour des éléments dans un système d'infrastructure convergente | |
CN103595801B (zh) | 一种云计算系统及其虚拟机实时监控方法 | |
US20200136930A1 (en) | Application environment provisioning | |
US20140337750A1 (en) | Dynamically grouping monitored resources in a cloud environment to collections representing a composite application | |
CN111708550A (zh) | 应用部署方法、装置、计算机设备及存储介质 | |
Van't Hof et al. | Androne: Virtual drone computing in the cloud | |
US11119817B2 (en) | Breaking dependence of distributed service containers | |
KR101544487B1 (ko) | 복수의 사용자 계정들을 갖는 클라이언트에 대한 가상 데스크톱 서비스 시스템 | |
CN114489954A (zh) | 基于虚拟化平台的租户创建方法、租户访问方法及设备 | |
CN110798504B (zh) | 跨区域共享服务的方法、装置、管理设备及存储介质 | |
CN111447076B (zh) | 网络功能虚拟化nvf系统的容器部署方法及网元 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
| | 17P | Request for examination filed | Effective date: 20210409 |
| | AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
| | RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: AGARIK SAS |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
| | 17Q | First examination report despatched | Effective date: 20221128 |
| | P01 | Opt-out of the competence of the unified patent court (upc) registered | Effective date: 20230330 |